Keep track of IPs for PVE hosts
Yea they're all random, I'll deal with that later
parent
9023b269eb
commit
058290b321
11 changed files with 33 additions and 19 deletions
|
@ -1,5 +1,5 @@
|
||||||
nebula:
|
nebula:
|
||||||
subnet: 10.23.2.0/24
|
cidr: 10.23.2.0/24
|
||||||
clients:
|
clients:
|
||||||
casey:
|
casey:
|
||||||
ip: 10.23.2.1
|
ip: 10.23.2.1
|
||||||
|
|
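--- a/ansible/group_vars/all/pve.yml
+++ b/ansible/group_vars/all/pve.yml
@@ -0,0 +1,13 @@
+pve_hosts:
+internal_cidr: 10.23.1.0/24
+ingress:
+ip: 192.168.2.201
+internal_ip: 10.23.1.88
+jellyfin:
+ip: 192.168.2.46
+internal_ip: 10.23.1.29
+pve_docker:
+ip: 192.168.2.47
+internal_ip: 10.23.1.7
+homeassistant:
+ip: 192.168.2.41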
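Review bot: The new `pve_hosts` map gives most hosts two addresses (`ip` in 192.168.2.x, `internal_ip` inside `internal_cidr`) but has no comment saying which network each key refers to, and `homeassistant` has only `ip`. Other files in this commit pick between the two keys for bind addresses, routes and proxy trust ranges, so a wrong pick changes what is reachable from where. I would add a short header comment along the lines of `# ip: address on the 192.168.2.x network; internal_ip: address inside internal_cidr`, with the wording confirmed by the author. It should also say that a host without `internal_ip` makes any template referencing that key fail as undefined.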
|
@ -1,9 +1,7 @@
|
||||||
expose_ssh: true
|
expose_ssh: true
|
||||||
|
|
||||||
private_ip: "{{ ansible_default_ipv4.address }}"
|
private_ip: "{{ pve_hosts.pve_docker.ip }}"
|
||||||
protected_ip: 192.168.2.47
|
protected_ip: "{{ pve_hosts.pve_docker.internal_ip }}"
|
||||||
|
|
||||||
traefik_proxy_protocol_trusted_ips: 10.23.0.0/16
|
|
||||||
|
|
||||||
traefik_provider_jellyfin: true
|
traefik_provider_jellyfin: true
|
||||||
traefik_provider_homeassistant: true
|
traefik_provider_homeassistant: true
|
||||||
|
|
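Review bot: `protected_ip` does not keep its value in this change: it was the literal `192.168.2.47`, which equals `pve_hosts.pve_docker.ip`, and it now resolves to `pve_hosts.pve_docker.internal_ip` (`10.23.1.7`). At the same time `private_ip` moves from the `ansible_default_ipv4.address` fact to the static `192.168.2.47`, and the Traefik entry point shown later on this page binds `{{ private_ip }}:8080`, so the interface that listener sits on may have changed as well. If the old address was meant to be preserved, the line would be `protected_ip: "{{ pve_hosts.pve_docker.ip }}"`. If the switch is intentional, it should be stated in the commit description, because the title reads as a pure bookkeeping change.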
|
@ -32,7 +32,7 @@ tun:
|
||||||
routes:
|
routes:
|
||||||
unsafe_routes:
|
unsafe_routes:
|
||||||
{% if ansible_fqdn != "ingress" %}
|
{% if ansible_fqdn != "ingress" %}
|
||||||
- route: 10.23.1.0/24
|
- route: "{{ pve_hosts.internal_cidr }}"
|
||||||
via: "{{ nebula.clients.ingress.ip }}"
|
via: "{{ nebula.clients.ingress.ip }}"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
|
|
@ -59,7 +59,7 @@
|
||||||
table: nat
|
table: nat
|
||||||
chain: POSTROUTING
|
chain: POSTROUTING
|
||||||
out_interface: ens18
|
out_interface: ens18
|
||||||
source: "{{ nebula.subnet }}"
|
source: "{{ nebula.cidr }}"
|
||||||
jump: MASQUERADE
|
jump: MASQUERADE
|
||||||
notify: persist iptables
|
notify: persist iptables
|
||||||
become: true
|
become: true
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
- ip
|
- ip
|
||||||
- route
|
- route
|
||||||
- show
|
- show
|
||||||
- "{{ nebula.subnet }}"
|
- "{{ nebula.cidr }}"
|
||||||
register: routes
|
register: routes
|
||||||
changed_when: false
|
changed_when: false
|
||||||
become: true
|
become: true
|
||||||
|
@ -15,8 +15,8 @@
|
||||||
- ip
|
- ip
|
||||||
- route
|
- route
|
||||||
- add
|
- add
|
||||||
- "{{ nebula.subnet }}"
|
- "{{ nebula.cidr }}"
|
||||||
- via
|
- via
|
||||||
- "{{ ingress_private_ip }}"
|
- "{{ pve_hosts.ingress.internal_ip }}"
|
||||||
become: true
|
become: true
|
||||||
when: nebula.subnet not in routes.stdout
|
when: nebula.cidr not in routes.stdout
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
ingress_private_ip: 10.23.1.88
|
|
|
@ -1,7 +1,5 @@
|
||||||
traefik_influx_db_dir: ./influxdb
|
traefik_influx_db_dir: ./influxdb
|
||||||
|
|
||||||
traefik_proxy_protocol_trusted_ips: "{{ wireguard.cidr }}"
|
|
||||||
|
|
||||||
traefik_provider_jellyfin: false
|
traefik_provider_jellyfin: false
|
||||||
traefik_provider_homeassistant: false
|
traefik_provider_homeassistant: false
|
||||||
|
|
||||||
|
|
|
@ -9,4 +9,4 @@ http:
|
||||||
service-homeassistant:
|
service-homeassistant:
|
||||||
loadBalancer:
|
loadBalancer:
|
||||||
servers:
|
servers:
|
||||||
- url: http://192.168.2.41:8123
|
- url: http://{{ pve_hosts.homeassistant.ip }}:8123
|
||||||
|
|
|
@ -9,4 +9,4 @@ http:
|
||||||
service-jellyfin:
|
service-jellyfin:
|
||||||
loadBalancer:
|
loadBalancer:
|
||||||
servers:
|
servers:
|
||||||
- url: http://10.23.1.29:8096
|
- url: http://{{ pve_hosts.jellyfin.internal_ip }}:8096
|
||||||
|
|
|
@ -3,17 +3,23 @@ entryPoints:
|
||||||
address: :80
|
address: :80
|
||||||
proxyProtocol:
|
proxyProtocol:
|
||||||
trustedIPs:
|
trustedIPs:
|
||||||
- "{{ traefik_proxy_protocol_trusted_ips }}"
|
- "{{ wireguard.cidr }}"
|
||||||
|
- "{{ pve_hosts.internal_cidr }}"
|
||||||
|
- "{{ nebula.cidr }}"
|
||||||
web-secure:
|
web-secure:
|
||||||
address: :443
|
address: :443
|
||||||
proxyProtocol:
|
proxyProtocol:
|
||||||
trustedIPs:
|
trustedIPs:
|
||||||
- "{{ traefik_proxy_protocol_trusted_ips }}"
|
- "{{ wireguard.cidr }}"
|
||||||
|
- "{{ pve_hosts.internal_cidr }}"
|
||||||
|
- "{{ nebula.cidr }}"
|
||||||
matrix:
|
matrix:
|
||||||
address: :8448
|
address: :8448
|
||||||
proxyProtocol:
|
proxyProtocol:
|
||||||
trustedIPs:
|
trustedIPs:
|
||||||
- "{{ traefik_proxy_protocol_trusted_ips }}"
|
- "{{ wireguard.cidr }}"
|
||||||
|
- "{{ pve_hosts.internal_cidr }}"
|
||||||
|
- "{{ nebula.cidr }}"
|
||||||
traefik:
|
traefik:
|
||||||
address: "{{ private_ip }}:8080"
|
address: "{{ private_ip }}:8080"
|
||||||
|
|
||||||
|
|
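Review bot: The `proxyProtocol.trustedIPs` lists on the `:80`, `web-secure` and `matrix` entry points now hard-code three whole ranges (`wireguard.cidr`, `pve_hosts.internal_cidr`, `nebula.cidr`) for every host that renders this template. The per-host `traefik_proxy_protocol_trusted_ips` variable is removed elsewhere in this commit; one vars file had set it to `"{{ wireguard.cidr }}"` only, so that host's trust set appears to widen. Any peer inside a trusted range can send a PROXY header and Traefik will take the client address it claims, which weakens IP allow-lists, rate limits and access logs. I would keep the variable as a per-host list and render it with `trustedIPs: {{ traefik_proxy_protocol_trusted_ips | to_json }}`. Each host should list only the address of the proxy that actually fronts it, not the full subnets.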